Bangalore: In an interview with ETCIO, Rajesh Maurya, Fortinet’s Regional Director – India & SAARC, talks about security trends, cyber attacks and threats that affected businesses and organisations in India during 2016, security solutions that will have an impact in 2017, and issues faced by CIOs and CISOs in dealing with security challenges.

Q1. From a software security perspective, which were the key trends that you observed among Indian enterprise customers in terms of adoption of security software and investments during 2016?

There is no border in terms of cybersecurity; the threats are the same all over the world. The three market segments in India − small and medium businesses (SMBs), enterprises, and service providers − are adapting security solutions rapidly. Various enterprises and the government sector have made significant investments for better security services.

SMBs that face the same problems as big corporations are also investing more in comprehensive solutions that can cover all aspects of cybersecurity. This year we see that service providers in India are investing heavily in their LTE or 4G infrastructure. In tandem, they are also spending on advanced security solutions to safeguard their new and upcoming systems against increasingly sophisticated attacks. We are also witnessing investments in terms of securing data centers.

Q2. In your observation, which type of cyber attacks and threats dominated and impacted Indian enterprises in 2016?

FortiGuard Labs’ threat intelligence shows that the malware activity has been increasing steadily in India over the course of 2016, with a marked increase towards the end of the year: More than 50% of the malware detections were seen in the last three months.

The malware attacks were dominated by ransomware, with the Nemucod downloader contributing to 43% among the top 10. This downloader is typically used to download the Locky ransomware, as well as its variants such as Thor. Locky has been very active globally in 2016 after first being observed in the first quarter, and has grown to be one of the most dominant ransomware around.

India has seen around 9% of the global ransomware detections in 2016.

The other threats observed by FortiGuard Labs in 2016 were DDoS attacks targeting NTP (Network Time Protocol) and Oracle servers. Also popular was an exploit of Netis routers from Netcore, which was a worldwide campaign to attack weak password vulnerability. In terms of verticals, financial services firms in India were the most targeted with malware, alongside education and healthcare.

Q3. Given this situation, what type of security solutions and technologies do you think will have a huge impact in 2017 and that enterprises are likely to adopt and invest in?

In 2017 organizations will need a security fabric that weaves together security hardware, software, and communication protocols with advanced internal segmentation into a single architecture to deliver seamless, comprehensive threat protection across the expanding attack surface that comes from cloud and IoT.

To effectively counter APTs (Advanced Persistent Threats), firms will need to look beyond traditional perimeter firewalls, and even beyond conventional multi-layer defense measures. An effective APT defense framework will require the adoption of an internal segmentation firewalling (ISFW) architecture. ISFW works by restricting malware flow between different segments of the organization. When used in conjunction with real-time threat intelligence and APT detection solutions like sandboxing and endpoint security solutions, APTs can be promptly detected and quarantined.

The other aspect to spotting an APT is a good logging mechanism that can capture all network traffic − both internal and external − and make sense of all the logs. Here again, a security fabric that delivers total awareness across devices, users, content, and data flowing into and out of the network, as well as insight on traffic patterns, will come in handy.

Cloud, in particular, must be treated like an extension of the enterprise network, and firms need to deploy a security strategy that can see and govern the vast volumes of data traversing an entire borderless network, comprising wired and wireless access points, through both public and private networks, and across traditional and cloud infrastructures.

For the CISO, knowing what is connected to his network at any point in time is key to understanding his organization's security posture and the effectiveness of his other policies and processes. A security fabric will discover all network assets, let the administrator set up security goals, and then audit the policy on all fabric nodes to see whether the correct protection is in place for each asset.

Q4. Lastly, when it comes to software and cybersecurity in India, do you observe any particular trend among CIOs and CISOs in terms of dealing with security solutions?

CIOs have to deal with a growing list of issues that put tremendous strain on their security capabilities, including the Internet of Things (IoT), virtualization, SDN, a growing portfolio of interactive applications, and transitioning to cloud-based networking. They also have employees who expect to be able to access work applications and data from anywhere, at any time, and on the same device they use to manage their personal lives.

Networks have evolved to accommodate these new requirements, becoming more complex, flexible, and powerful. At the same time, securing them has become a lot more complicated as well.

Organizations can’t just keep adding new, siloed security solutions that don’t talk to other devices on their network, and that require separate management and collaboration tools. In many cases, this inability to share threat intelligence or synchronize a response to threats is actually making response times slower. What organizations need today is a collaborative system of tools, or fabric, that work together to monitor their network, share information, and respond to threats no matter where they occur.